The present invention relates generally to the field of computing resource management and more specifically to providing security solutions for a multi-node system.
A server is a computer program or device that provides functionality (i.e., services) for other programs or devices, which are referred to as “clients.” This type of setup is known as the client-server model, where a single overall computation is distributed across multiple processes or devices. Some services include sharing data or resources among multiple clients. A single server can serve multiple clients and a single client can use multiple servers. In some instances, a client process may run on the same device on which the server resides. In other instances, a client process may connect over a network to a server on a device different from the one on which the client resides.
A virtual machine (VM) is an emulation of a computer system. Virtual machines, which are based on computer architectures, mimic the functionality of a physical computer. VM implementations may involve specialized hardware, software, or a combination of specialized hardware and software. There are different kinds of virtual machines, each with different functions. System VMs (also termed full virtualization VMs) act as a substitute for a real machine by providing the functionality needed to execute entire operating systems. Process VMs are designed to execute computer programs in a platform-independent environment. Some VMs, such as QEMU, are also designed to emulate different architectures, allowing the execution of software applications and operating systems written for another CPU or architecture. Operating-system-level (OSL) virtualization allows the resources of a computer to be partitioned via kernel support for multiple isolated user space instances, which look and feel like real machines to the end users. OSL virtualization is typically referred to as “containers.”
A hypervisor is computer software, firmware, or hardware that creates and runs virtual machines. The hypervisor uses native execution to share and manage hardware. Thus, hypervisors allow for multiple environments that are isolated from one another, yet exist on the same physical machine. Modern hypervisors use hardware-assisted virtualization and virtualization-specific hardware, primarily from the host CPUs. A hypervisor may be referred to as a virtual machine monitor (VMM). A computer on which a hypervisor runs one or more virtual machines is called a host machine. Each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Multiple instances of a variety of operating systems may share the virtualized hardware resources. In contrast, under OSL virtualization (e.g., the containers mentioned above), all instances must share a single kernel, although the guest operating systems can differ in user space.
Within multi-node server architectures, a node is defined as a unit of hardware with a processor, memory, and internally and externally connected IO devices. Multiple units of such hardware are interconnected with inter-node cables (e.g., SMP cables). Within server architectures, the workloads (i.e., the amount of processing that the computer has been given to do at a given time) can be hosted on a virtualization layer as multiple partitions or as a virtual machine, which is installed directly on hardware rather than within the host operating system (OS). The virtual machine, which is installed directly on hardware rather than within the host operating system, is referred to as “bare metal.” In the “bare metal” case, the operating system runs directly on top of the hardware.
An entity residing in a remote server may attempt to access the sensitive/restricted resources and data of another server (i.e., the target server of that entity). Such attempts to access sensitive/restricted resources and data residing within the target server are unauthorized. These unauthorized attempts place businesses and other organizations at grave risk of compromising essential information contained in the sensitive resources and/or data residing within the target server. Solutions that can detect and thwart these unauthorized attempts are of interest to businesses and organizations looking to protect valuable information from unauthorized entities.